Notes from the IAPP Canada Managing Director, Nov. 30, 2018

If you read this digest, it is likely that you also subscribe to the IAPP’s daily newsletter that reports on privacy news from around the world, the Daily Dashboard. I was reading this publication recently and noticed a few stories about enforcement actions out of the EU. It has been approximately six months since the GDPR came into force, and some investigations have been completed. Not surprisingly, some of these investigations have resulted in fines being levied.

Some are modest — like 4,000 euros — but others are CASL-like. For instance, one hospital was fined by the Portuguese DPA approximately 400,000 euros.

And, while I was reading these stories, it made me think about the enforcement models being used in Canada. A recent case from the Federal Court came to mind. Here’s a link to the entire case if you want to read it.

It is about how the Royal Bank of Canada mishandled and lost a customer’s mortgage application paperwork. Unfortunately, the privacy commissioner’s investigation led to no meaningful recourse for the complainant, and she was forced to take on the banking giant by herself by initiating risky litigation. She did not retain a lawyer but won her case after the court concluded that RBC failed to meet PIPEDA’s obligation to properly safeguard the information.

I’m not sure what would’ve happened in the EU if a DPA was presented with a similar case. But, in this instance, the RBC was ordered to pay the complainant $2,000 and an additional $800 in costs. What do you think? Does that provide sufficient incentive among Canadian organizations to ensure that they properly safeguard your information?

My suspicion is that the RBC is much more careful with its e-marketing efforts because the fines under CASL provide enough incentive. It failed to meet PIPEDA obligations in this case, and I can only speculate about whether the result of this case will result in any greater effort to make sure PIPEDA isn’t violated in the future. Your thoughts are always welcome.

Tags

Comments

Related Stories

Welp. The year is finally over. The year we, as privacy professionals, thought might kill us dead at some of our more stressful moments. But we survived the implementation of the EU General Data Protection Regulation and the passage of California's landmark Consumer Privacy Act, all in one calendar ...

As 2018 comes to a close, an article for Forbes reflects on the accomplishments of the year, as well as the emerging areas of focus for data-driven businesses in 2019. Among the topics, the article includes artificial intelligence, machine learning, blockchain, cloud computing and cybersecurity as s...

Egress, a startup that uses artificial intelligence to help reduce the risk of data breaches, has secured $40 million in Series C funding, VentureBeat reports. Co-Founder and CEO Tony Pepper said the funding would support the company’s growth in Europe and help build the company’s capacity at its Bo...

As we close out yet another year of phenomenal growth in the privacy industry and here at the IAPP, Senior Content Manager Emily Leach, CIPP/E, CIPP/US, offers this look at our most-accessed resources. You'll see that despite California's best efforts, the EU General Data Protection Regulation has h...

In this week’s Privacy Tracker global legislative roundup, read about the latest to voice support for a U.S. federal privacy law, including Google’s Sundar Pichai and U.S. Federal Trade Commission Chair Joseph Simons. The European Data Protection Board released its opinion on the European Commission...

The IAPP is the largest and most comprehensive global information privacy community and resource. Founded in 2000, the IAPP is a not-for-profit organization that helps define, support and improve the privacy profession globally.

The IAPP is the only place you’ll find a comprehensive body of resources, knowledge and experts to help you navigate the complex landscape of today’s data-driven world. We offer individual, corporate and group memberships, and all members have access to an extensive array of benefits.